Posts by Sarah Vonnegut:


Understanding Application Security Vulnerabilities: Part One

Mar 04, 2016 By Sarah Vonnegut | As hackers attack our applications more and more, it is imperative that organizations begin treating security testing with the same enthusiasm they give to quality testing. Just as a product does not ship with major functionality issues or a broken feature, it should not ship with major application security vulnerabilities. This requires a shift in company culture so that security is seen as everyone's responsibility, not just the security team's. One of the best ways to facilitate that change is to spread security awareness among the different stakeholders, educating them in how to take responsibility for security in their own jobs. For CISOs, that may mean discussions around the ROI of security testing; for non-technical employees, it may include security awareness courses on how to avoid phishing campaigns. For developers, the education needs to go deeper: developers, after all, are the ones writing the code that needs to be secured.


Security Testing in the SDLC: A Beginner’s Guide

Feb 26, 2016 By Sarah Vonnegut | As requirements for faster release cycles and applications packed with more features than ever keep organizations rushing to production, we can't afford to skip a beat when it comes to security. Developers at every level of security know-how are being hired, and right beside giving them a thorough education in secure coding comes ensuring that the code they write is secure well before it gets deployed. This is where a strong security testing approach becomes an organization's saving grace.


Software Security Assurance: 4 Secrets to Unleashing the Power of Your Program

Feb 19, 2016 By Sarah Vonnegut | The software and web applications we design, develop and deploy in our organizations are a major resource in and of themselves, without even considering the critical data they may hold. Building secure software should be an essential part of any organization, and yet software security assurance still lags depressingly behind quality assurance in the vast majority of organizations. Software vulnerabilities pose one of the greatest risks to our organizations, yet they’re one of the areas least understood and therefore least attended to.


The Cybersecurity Organizations & Resources You Need to Know

Feb 12, 2016 By Sarah Vonnegut | No matter where you are on your journey in security, there is always room to keep learning. Especially in the security industry, it's important to aim for a deep understanding of software and how applications interact on the web. In such a dynamic field, there's no doubt the learning will never end. Luckily for students of cybersecurity, there are plenty of organizations doing the hard work to help us better understand what we're working to protect, and how best to secure our own organizations. These organizations are helping fight the "cyber battles" and are helping us do the same. From nonprofits to university centers to government-funded research facilities, the security industry has its bases covered. There's a never-ending mountain of high-quality research and guides that anyone interested can access, if you know the right places to look.


5 Best Practices for the Perfect Secure Code Review

Feb 05, 2016 By Sarah Vonnegut | You’ve worked hard to ensure that security tools and processes are integrated throughout development, and an application or update is days or possibly just hours away from release. Your app is ready to go, right? Wrong! You’ve got one more step in the security process before you can give the green light where security is concerned: A Secure Code Review. In many industries, including the healthcare and payment verticals, secure code reviews are a mandatory part of the compliance requirement, and they offer an added layer of security before your application is released. Whether mandated or not, secure code reviews offer an added value for the security of your application and the organization at large.


The Ultimate Guide to Understanding & Preventing CSRF

Jan 22, 2016 By Sarah Vonnegut | We hear about SQL injection and Cross-Site Scripting constantly, but there are eight other high-risk vulnerabilities we need to be aware of just in the OWASP Top Ten. One of those eight is yet another one to keep your eyes out for: Cross-Site Request Forgery, normally shortened to CSRF or XSRF. CSRF is widespread in today's web apps, OWASP says, and can cause major damage when exposed in an app that deals with money or data. Just how much damage? The most powerful CSRF attack is most likely the one discovered against uTorrent in 2008, which would have given an attacker complete control over a victim's system using a record three CSRF attacks in a row. And while most CSRF attacks aren't as damaging as that one, they can do damage, given an opportunity in a data-rich web application.
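To make the damage described above concrete, here is an added example (not code from the original post or from Checkmarx) that simulates a money-transfer endpoint in a hypothetical bank app at https://bank.example. The browser attaches the victim's session cookie to any form an attacker's page auto-submits, so a handler that trusts the cookie alone is forgeable; the hardened handler additionally checks the Origin header and a per-session synchronizer token that the attacker's page cannot read. The Request class, the Bank class and the balances are constructed for the demo.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for this example)."""
    method: str
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


class Bank:
    """Toy banking app with an in-memory session store (hypothetical origin)."""
    SITE_ORIGIN = "https://bank.example"

    def __init__(self):
        self.balances = {"alice": 100, "mallory": 0}
        self.sessions = {}  # session id -> {"user": ..., "csrf": ...}

    def login(self, user):
        # A fresh synchronizer token is minted per session and handed to the
        # app's own pages; an attacker's page on another origin cannot read it.
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid

    def csrf_token(self, sid):
        return self.sessions[sid]["csrf"]

    def _session(self, req):
        return self.sessions.get(req.cookies.get("sid"))

    def _move_money(self, sess, req):
        amount = int(req.form["amount"])
        if amount <= 0 or self.balances[sess["user"]] < amount:
            return 400
        self.balances[sess["user"]] -= amount
        self.balances[req.form["to"]] += amount
        return 200

    def transfer_vulnerable(self, req):
        # Authorises the state change on the session cookie alone: the browser
        # sends that cookie for a cross-site form POST too, so this is forgeable.
        sess = self._session(req)
        if req.method != "POST" or sess is None:
            return 403
        return self._move_money(sess, req)

    def transfer_protected(self, req):
        sess = self._session(req)
        if req.method != "POST" or sess is None:
            return 403
        # 1. Browsers set Origin on cross-site POSTs and scripts cannot spoof it;
        #    reject anything that is not our own origin (absent Origin is tolerated
        #    here because older clients omit it; the token check still applies).
        origin = req.headers.get("Origin")
        if origin is not None and origin != self.SITE_ORIGIN:
            return 403
        # 2. Synchronizer token bound to this session, compared in constant time.
        token = req.form.get("csrf_token", "")
        if not hmac.compare_digest(token.encode(), sess["csrf"].encode()):
            return 403
        return self._move_money(sess, req)


def forged_request(sid):
    """What the victim's browser sends when a page on attacker.example
    auto-submits a hidden form: the victim's cookie rides along, but the
    attacker knows neither the token nor can set Origin to the bank's."""
    return Request("POST", {"sid": sid},
                   {"to": "mallory", "amount": "100"},
                   {"Origin": "https://attacker.example"})


def run_demo():
    """Returns (status, alice's balance afterwards) for each scenario."""
    results = {}
    bank = Bank()
    sid = bank.login("alice")
    results["vulnerable"] = (bank.transfer_vulnerable(forged_request(sid)),
                             bank.balances["alice"])
    bank = Bank()
    sid = bank.login("alice")
    results["protected_forged"] = (bank.transfer_protected(forged_request(sid)),
                                   bank.balances["alice"])
    legit = Request("POST", {"sid": sid},
                    {"to": "mallory", "amount": "25",
                     "csrf_token": bank.csrf_token(sid)},
                    {"Origin": Bank.SITE_ORIGIN})
    results["protected_legit"] = (bank.transfer_protected(legit),
                                  bank.balances["alice"])
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: status={outcome[0]} alice_balance={outcome[1]}")
```

The forged request drains the account through the vulnerable handler and is refused by the protected one, while a legitimate same-origin request carrying the session's token still succeeds. In a real framework the token is rendered into the app's own forms and the Origin/Referer check is usually done by middleware; the two checks are layered deliberately so that a missing header does not silently disable protection.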


Security Experts Speak: Biggest AppSec Priorities and Concerns in 2016

Jan 15, 2016 By Sarah Vonnegut | Each year opens a new Pandora’s Box for the security industry, with a slew of never-before-seen evil wonders that can throw anyone not prepared for a loop. That’s why risk management is so critical in our field – since we can’t know what’s to come, we need to prepare as best we can before that worst-case scenario happens. If you’re not a security expert, though, it can be difficult to figure out where to spend your energy over the year in terms of securing your organization. 
To help give a bit of perspective to what top security experts are gearing up for this year, we asked eight of the world’s top security experts in various roles, including a pentester, several CISOs, a secure developer, a security engineer and an international speaker on security topics, to share their thoughts with us.  


The Application Security Trends You Can’t Ignore in 2016

Jan 08, 2016 By Sarah Vonnegut | Application security is finally beginning to take off. After years of being pushed to the background in favor of other areas of IT security, recently we've seen a major shift in the security landscape, and application security is finally getting attention. With 84% of attacks aimed at the application layer, it's about time, too. Application security is a big field, though, and it can be overwhelming to begin an application security program without an idea of where to start. That's where knowing what trends are on the horizon, and aligning them with your own organizational needs, can be especially helpful.


The 10 Most Popular Posts of 2015

Jan 01, 2016 By Sarah Vonnegut | As we say goodbye to 2015 and begin the new year, we'd like to take a moment to reflect on the great year we had on the Checkmarx blog. We've covered a huge array of topics, from interviews with ethical hackers to discussions on the importance of integrating security and DevOps, and it's that variety that shows through in our most popular posts of 2015. In the new year, we promise to continue writing articles and guides that help both security professionals and those wanting to learn more about security make progress in their AppSec journeys. For now, these are the ten most popular posts from the Checkmarx blog in 2015. Enjoy!

